1916d2bcd44b4efbfb11f56d1e084429d7e3ae3684e650ecaf9a3568b0642fe6

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 05:10

Target

8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe
Size

1.4MB
MD5

8528326a24362ba2766dac4499c02820
SHA1

e8bd942837445f03104e958f9e7061103b13e2f8
SHA256

1916d2bcd44b4efbfb11f56d1e084429d7e3ae3684e650ecaf9a3568b0642fe6
SHA512

08a5419c736e8848a50d805034ab9ee8a3af525ff89220fe4b2550663144e7aed1cc6bcd9bedccc49c02f99e39dc7ebcb1ef9ff38fc5d34671f33b2cd283079e
SSDEEP

12288:Yg27mIUn8WeePQYYMAjVDa/ZSC+gRHnhvMCtjW:YDyAlZfa/ZSC+gVueC

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1956	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
1956	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe

Loads dropped DLL 4 IoCs

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2976	1956	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2076	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1956	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1956	2076	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe	29
PID 2076 wrote to memory of 1956	2076	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe	29
PID 2076 wrote to memory of 1956	2076	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe	29
PID 2076 wrote to memory of 1956	2076	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe	29
PID 1956 wrote to memory of 2976	1956	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe	30
PID 1956 wrote to memory of 2976	1956	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe	30
PID 1956 wrote to memory of 2976	1956	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe	30
PID 1956 wrote to memory of 2976	1956	8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe	30

\Users\Admin\AppData\Local\Temp\8528326a24362ba2766dac4499c02820_NeikiAnalytics.exe

Filesize
1.4MB

MD5
d847554ede81bb04a550f6ce5644810f

SHA1
73a3dacda9146c2bf6f5f22e4541c81c171f87a8

SHA256
180cd91ddbb8c85005b6096b0c63d1fa16a41bd7b0e403d7cd16646a8ff39335

SHA512
a7adb0ae9af890b5784e0c2f215a9db9e66e3fb0abac21724313cedd8a017025ff821923e799e054cf482b15e90f588264f29a7bd54e56ca3bb4ebc865943b16

Download Submit
memory/1956-10-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/1956-11-0x0000000002E40000-0x0000000002F33000-memory.dmp

Filesize
972KB

Download
memory/2076-0-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2076-6-0x0000000002E00000-0x0000000002EF3000-memory.dmp

Filesize
972KB

Download
memory/2076-9-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download